b'FDIC\xe2\x80\x99s IT Contingency Planning Program\n\n(Report No. 04-038, September 22, 2004)\n\nSummary\n\nThis report presents the results of an audit by International Business Machines (IBM)\nBusiness Consulting Services (hereafter referred to as IBM), an independent professional\nservices firm engaged by the Federal Deposit Insurance Corporation (FDIC) Office of\nInspector General (OIG) to support its efforts to satisfy reporting requirements related to\nthe Federal Information Security Management Act (FISMA).\n\nThe objective of the audit was to determine whether the FDIC has an adequate\nInformation Technology (IT) Contingency Planning Program. The scope of IBM\xe2\x80\x99s audit\nfocused on the adequacy of the FDIC\xe2\x80\x99s policies, procedures, and tools for contingency\nplanning. IBM concluded that the FDIC had made progress since the OIG\xe2\x80\x99s 2003\nFISMA evaluation. However, improvements are needed to ensure that FDIC data can be\nrestored in a timely manner.\n\nRecommendations\n\nIBM made three recommendations to the FDIC\xe2\x80\x99s Chief Information Officer and Director,\nDivision of Information Resources Management (DIRM), to improve the FDIC\xe2\x80\x99s\ncontingency planning program.\n\nManagement Response\n\nDIRM has agreed to take corrective actions that adequately address the three\nrecommendations, which are resolved but will remain undispositioned and open for\nreporting purposes until we have determined that agreed-to corrective actions have been\ncompleted and are effective.\n\nThis report contains sensitive information regarding information security. Accordingly,\nwe have not made, nor do we intend to make, public release of the specific contents of the\nreport.\n\x0c'